Secure extranets & customer portals

We build and maintain sites with secure, private areas, with personalised user content.

What is an Extranet?

When a business needs a way to provide quality, manageable information to their own staff, clients or customers and they want it to be in the most secure way possible, an extranet is the best option.

Types of secure area

Extranet

An extranet is a kind of website that allows access to controlled information to people outside an organisation. In a business-to-business (B2B) context that usually means partners, distributors or suppliers. Secure access is usually controlled using a username and password.

Customer portal

In a business-to-consumer (B2C) context an extranet may be called a customer or membership portal. Access is still controlled through a secure login area, but the information provided may be oriented around the services or products that the organisation provides to the customer.

Intranet

An intranet is a network which exists within an organisation, for its employees or close-working partners. It usually includes a website with internal information on it. Access may be controlled through a a login system, but this is often not necessary because the connection to the network is controlled in other ways, such as via a VPN (Virtual Private Network).

Extranet for business

Extranets take a variety of forms, for example:

Distributor extranets can help a company collaborate with its distributors and retailers; the extranet can contain documentation , image galleries and other static materials
The extranet can have online tools such as product registration, warranty claims and a means of letting retailers update their location and profile
It can have online calculators for field sales personnel, such as consumable calculators; it can be used for advertising vacancies across a group of companies
In a professional services context, an extranet can have a database of personal profiles, listing the relevant skills and services offered; the password-protected area of the site can have a profile management tool, while a perhaps public area of the site can have a search engine so that customers can find people with the skills they need.

Security

Security is a key aspect, and has many considerations.

Hosting arrangements are important, as a secure site may be targeted by hackers or even competitors. Servers should be regularly patched against known vulnerabilities.

It's common to use SSL security to encrypt data in transit. Tough passwords are essential, and they should be stored in an encrypted form rather than plain text. There should be a policy to keep an eye on people who have left the company.

Stored data may also need to be encrypted, as a last resort in case a downloaded backup or database is compromised.

Managing users

The management of users is an important part of any extranet. You will need to consider the user experience as much as the means of managing them.

An initial user base may be imported from a company directory or other list. Once imported, those users will be able to log in. There may be a self-registration form but on an extranet an in-house administrator usually must approve all new user access.

For extranets with large user bases, there is often a grouping or graded permission system, so that access to different parts of the extranet can be granted only to the right people. With groups, a user may typically be a member of one or several groups, and the permission to access content is granted to the members of a group.

Organisation models within an extranet

Some extranets have tools to model an organisation. For example, the user data model may be hierarchical, so as to model different levels of management. The CMS may have the ability to display an organisation chart.

External companies or locations may be modelled, and the CMS may permit users to be related with those organisations, possibly even capturing their job roles. In this way, it is possible to grant access to one of those organisations, such that when its employees log in, they have the appropriate access rights.